Cyber Crime Drives Up The Cost Of Insurance

For companies and organisations, an attack by hackers can inflict financial losses, corporate embarrassment and legal action. For insurers jumping into the brave new world of cyber-crime insurance, it’s free marketing for what could be a $10 billion opportunity.

High-profile computer breaches like the hack of the Democratic National Committee and the Twitter Swastika Hack are reinforcing the need for protection against cyber threats, and companies such as Allianz SE and Beazley Plc are eager to step in.

Insurers see coverage against hackers as one of their most promising markets, estimating that premiums will triple over the next four years.

“We are optimistic that it can develop into Allianz’s and the industry’s next blockbuster,” Hartmut Mai, chief underwriting officer for corporate lines at Allianz’s industrial insurance arm, said in an interview. “Cyber insurance is our key growth area at the moment.”

A new breed of coverage couldn’t come at a better time for insurers, which are struggling to expand in most of their established markets amid slow economic growth and low catastrophe claims that weigh on prices. Insurance premium income stagnated in Europe last year and is expected to grow 1.3 percent next year, according to reinsurer Munich Re. The company estimates that cyber insurance premiums could rise to between $8.5 billion and $10 billion by 2020 from about $3.4 billion currently.

A further boost to demand may come from rules to be introduced next year by the European Union that will require companies to report cyber breaches to regulators and affected individuals.

Allianz currently writes a double-digit million-euro amount of cyber insurance premiums and recorded 28 percent growth last year, according to Mai. He said the product may evolve into an industry bestseller comparable to directors-and-officers liability insurance, which became a top offering during the last decade and now accounts for about 10 billion euros ($11 billion) in global premiums.

Boardroom Issue
“Cyber risk has become a boardroom issue over the past years, following some high profile hacker attacks,” Paul Bantick, head of cyber insurance at Beazley, said in an interview. “We haven’t seen the big breaches at the retailers such as in 2015 or the large health-care breaches that occurred in 2016. Yet, there’s still a high frequency of smaller losses.”

Cyberattacks involving ransomware -- in which criminals use malicious software to encrypt a user’s data and then extort money to unencrypt it, increased 50 percent in 2016, according to a report from Verizon Communications Inc. Criminals increasingly shifted from going after individual consumers to attacking vulnerable organisations and businesses, the report said.

Government organisations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee Inc., which partnered with Verizon on the report.
While companies have had decades, and in some cases centuries, to work out the risks of fire, natural catastrophes and physical theft, cyber-crime is relatively recent, with new and more sophisticated schemes being developed every year. With damages on the rise, the biggest challenge for insurers is to set the right price and limits for their coverage. One in four medium-sized businesses in Germany have suffered a loss from a hacker attack, according to a survey published March 28 by Germany’s GDV insurance lobby group. 
“For insurers to stay relevant in an ever more technology-driven business environment, they need to embrace the opportunity while properly managing the risks,” Thomas Seidl, an analyst at Sanford C. Bernstein in London, said in a note to clients on April 24.

Like Munich Re and Allianz, Beazley also sees rapid growth in cyber insurance. The Lloyd’s of London insurer partners with Munich Re to provide the product and it’s running the book at a profit. To make sure that continues, insurers are careful not to take overly large risks in the nascent market.
“We limit our coverage to $100 million per client, of which both Munich Re and Beazley take $50 million,” Beazley’s Bantick said. “In bigger programs, the $100 million is just a first part, with others providing additional coverage.”

The scope of cyber insurance varies from one provider to the other. Typically, it protects against data and network security breaches and associated losses, and insurers limit their capacity to between $5 million and $100 million per client.
A customer fact sheet prepared by insurer Chubb Ltd., which counts the U.S. as its largest market, described a claim where hackers gained access to a school district’s network to steal names, addresses and account information from 20,000 past and present faculty and students. 

Compensation included settlements from compromised individuals, costs of responding to a regulatory investigation and public relations fees. Other cases included a data center for an online retailer that was forced to shut down temporarily and a car components maker whose system was encrypted to extort ransom.

A recent study by risk modeler Risk Management Solutions Inc. found that “if all U.S. businesses had cyber insurance, over $5 billion a year would be lost to the insurance industry from cyber data exfiltration alone. Data breaches are the leading cause of cyber insurance loss.”

Global Event
One concern is that a global cyber event such as a devastating virus spreading from Asia to Europe and the U.S. or a global cloud computing provider breaking down could affect a large number of companies covered by one insurer.
“A hurricane with a probability of happening once in 25 years could cost us as much as $150 million and the whole industry about $30 billion,” said Hiscox CEO Bronek Masojada in an interview. “Due to the lack of history, the question with cyber is whether a $30 billion loss happens once in 25 years or once in 100 years. The most important question is whether we will be alive after it.”

In terms of growth, “cyber is by far the most important part” of the business at Hiscox right now, he said. The London-based insurer will write more than $100 million in cyber premiums this year at a growth rate of 20 percent to 30 percent, Masojada estimated. 

Cyber insurance premiums at Beazley already exceed $400 million, excluding broker commissions, Bantick said. Munich Re’s premium income from the product rose to $263 million last year from $191 million in 2015. The Munich-based reinsurer aims to keep a market share of 8 percent to 10 percent going forward, reinsurance head Torsten Jeworrek said. 

Europe Awakes
Beazley’s Bantick says his company is “starting to see shoots of demand in Europe, Latin America and Asia.” Allianz’s Mai agrees, adding that he sees last year’s strong growth rates as “the product’s final breakthrough in Europe.”
Prices are on the rise as well. In the US, cyber-liability rates climbed for the 10th consecutive quarter at the end of last year while rates continued to decline in most other global insurance lines, according to a report by broker Marsh & McLennan Cos.
“While there are a lot of companies buying cyber coverage, most of them are data-breach driven,” Beazley’s Bantick said. “But clients are looking for large, holistic cyber programs that cover whatever happens from data breach to property damage and business interruption.”

Leoni AG’s experience is a lesson in the complexity of cyber risks. The German cable manufacturer lost 40 million euros last year when fraudsters used fake electronic communication to trick an executive into transferring the cash to foreign accounts. In the end Leoni got about 5 million euros from fidelity insurance it had. Even though the company had sufficient cyber insurance in place, it didn’t apply because the fraudsters didn’t hack the company’s systems.

Bloomberg:

You Might Also Read:

Company Lost $44m Through One Email Fraud:

Hackers Steal $50 Million From Leading Aviation Design Company:

Systemic Cyber Attacks Most Likely In Finance & Energy Industries:

Cyber Should Be Standalone Insurance:

 

 

« Industrial Robots Are A Security Weak Link
Trump Signs Cybersecurity Order »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Cyber Risk International

Cyber Risk International

Cyber Risk International offer CyberPrism, a B2B SaaS solution that empowers businesses to perform a self-assessment of their cyber security program.

HaystackID

HaystackID

HaystackID provides industry-leading computer forensics, eDiscovery, and attorney document review experts to help with complex, data-intensive investigations and litigation.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.